Re: Remaining open issues for RFC-2401bis
At 11:56 AM +0200 3/26/04, Tero Kivinen wrote:
>Stephen Kent writes:
>> I can't comment on what most vendors do in the
>> shared secret case for IPsec implementations. I
>> just cited my bad experience in a different but
>> equivalent context, and it was not good.
>
>All of my bad experiences are because someone thought to be user
>friendly and only created text input box where the password can be
>written. It is extremely hard (or impossible) to write binary key
>0x44f7ba0052dc29b4812d2e9b165b410d to that box, thus that laptop user
>who has only text input box will not be able to use system at all.
>Most of those who provided the hex-input also provided a way to type
>the key in as string.
>
>Thus, saying it is binary string, and you MUST offer way to put in any
>binary string (up to certain length) works better, as it will always
>offer interoperability (I agree it might not be that user friendly,
>but that is something that the vendor can fix if they feel like making
>it user friendly).

And my bad experience is that while I could create and remember a key
in the form of a pass phrase character string, I had to write down
the hex key I created and very carefully, manually enter it into each
system, which was error prone (despite my care), frustrating, and a
very poor use of my time.

I fear that you bring an implementer perspective to the problem, and
I bring a user perspective, and it is unfortunate that the two don't
overlap better :-)

Steve
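
An added illustration of the entry problem discussed in this thread, not code from either author or from any IPsec implementation: a key-entry routine that accepts both forms and shows why the hex key quoted above cannot be typed into a text-only box. The `0x` prefix convention, UTF-8 encoding of pass phrases, the 64-octet limit and the function names are assumptions of this example.

```python
import string

def parse_psk(entry: str, max_len: int = 64) -> bytes:
    """Return the key octets for one line of operator input.

    A leading 0x selects hex entry; anything else is treated as a text
    pass phrase and encoded as UTF-8 (assumed convention, not from the RFC).
    """
    if entry[:2].lower() == "0x":
        # Spaces, colons and dashes carry no key material; allowing them
        # lets a written-down key be typed in groups and proofread.
        digits = "".join(c for c in entry[2:] if c not in " \t:-")
        bad = [i for i, c in enumerate(digits) if c not in string.hexdigits]
        if bad:
            # Point at the offending digit so a typo is found quickly.
            raise ValueError(
                f"non-hex character {digits[bad[0]]!r} at digit {bad[0] + 1}")
        if len(digits) % 2:
            raise ValueError("hex key needs a whole number of octets")
        key = bytes.fromhex(digits)
    else:
        key = entry.encode("utf-8")
    if not 0 < len(key) <= max_len:
        raise ValueError(f"key must be 1..{max_len} octets, got {len(key)}")
    return key

def typable_as_text(key: bytes) -> bool:
    """True if every octet is printable ASCII, so a text-only box can hold it."""
    return all(0x20 <= b <= 0x7E for b in key)

if __name__ == "__main__":
    # The key quoted in the thread: 16 octets, including 0x00 and high bytes.
    k = parse_psk("0x44f7 ba00 52dc 29b4 812d 2e9b 165b 410d")
    print(len(k), "octets, typable as text:", typable_as_text(k))
    # A pass phrase is just another octet string, so both ends agree on it
    # whether it is entered as text or as the equivalent hex.
    print(parse_psk("correct") == parse_psk("0x636f7272656374"))
```

One consequence of the assumed prefix convention is that a pass phrase that itself begins with `0x` has to be entered in hex form.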